POODLE: SSLv3.0 vulnerability

Posted on 25. October 2014 by MP

What is POODLE ?

POODLE stands for Padding Oracle On Downgraded Legacy Encryption. This vulnerability allows a man-in-the-middle attacker to decrypt ciphertext using a padding oracle side-channel attack.

How to Fix ?

At present there is no working patch for this bug . So that Admin needs to manually disable SSLv3 on their servers .

Disable SSLv3 – Apache

1) Add ” SSLProtocol All -SSLv2 -SSLv3 ” to httpd.conf

2) Restart apache service .

Disable SSLv3 – Nginx

1) Add ” ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ” to nginx.conf under ssl section .

2) Restart nginx service .

Disable SSLv3 – PostFix

1) change smtpd_tls_mandatory_protocols to ” smtpd_tls_mandatory_protocols =!SSLv2,!SSLv3 ”

2) Restart postfix server .

Disable SSLv3 – Weblogic

Start weblogic with the following JVM option ” -Dweblogic.security.SSL.protocolVersion=TLS1 ”

How to Diagnose ?

# openssl s_client -connect localhost:443 -ssl3

==> If you have already disabled sslv3 , then the output will be as follows

CONNECTED(00000003)

20888:error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure:s3_pkt.c:1053:SSL alert number 40

20888:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:

==> If you are not disabled the sslv3 and you are getting the following output , then your server is vulnerable to POODLE !!.

CONNECTED(00000003)

depth=0 /C=SomeCountry/ST=SomeState/L=Some Place/O=Example Pte Ltd/OU=Systems/CN=453232-example/emailAddress=info@example.com

verify error:num=18:self signed certificate

verify return:1

depth=0 /C=SomeCountry/ST=SomeState/L=Some Place/O=Example Pte Ltd/OU=Systems/CN=453232-example/emailAddress=info@example.com

verify return:1

Certificate chain

0 s:/C=SomeCountry/ST=SomeState/L=Some Place/O=Example Pte Ltd/OU=Systems/CN=453232-example/emailAddress=info@example.com

i:/C=SomeCountry/ST=SomeState/L=Some Place/O=Example Pte Ltd/OU=Systems/CN=453232-example/emailAddress=info@example.com

 

If you manage an entire data center or a corporate intranet, the problem is a little harder to solve than disabling SSL 3.0 in a browser. Regardless of the mitigation strategy you choose, you need to know which of your servers are currently running SSL 3.0. To that end, here a couple of quick scripts based on open source tools that will help you take control of the situation.

The first script, ssl3_cipher_check.sh, checks a single target for the presence of SSL 3.0 ciphers. The results will be similar to the following:

# ssl3_cipher_check.sh 192.168.1.51 443

Testing 192.168.1.51:443 for support of SSL3.0 ciphers…

NULL-MD5…NO (ssl handshake failure)

NULL-SHA…NO (ssl handshake failure)

EXP-RC4-MD5…NO (ssl handshake failure)

RC4-MD5…NO (ssl handshake failure)

RC4-SHA…NO (ssl handshake failure)

EXP-RC2-CBC-MD5…NO (ssl handshake failure)

IDEA-CBC-SHA…NO (no cipher match)

EXP-DES-CBC-SHA…NO (ssl handshake failure)

DES-CBC-SHA…NO (ssl handshake failure)

DES-CBC3-SHA…YES – SSL 3.0 cipher detected

EXP-DH-DSS-DES-CBC-SHA…NO (no cipher match)

DH-DSS-DES-CBC-SHA…NO (no cipher match)

DH-DSS-DES-CBC3-SHA…NO (no cipher match)

EXP-DH-RSA-DES-CBC-SHA…NO (no cipher match)

DH-RSA-DES-CBC-SHA…NO (no cipher match)

DH-RSA-DES-CBC3-SHA…NO (no cipher match)

EXP-DHE-DSS-DES-CBC-SHA…NO (no cipher match)

DHE-DSS-CBC-SHA…NO (no cipher match)

DHE-DSS-DES-CBC3-SHA…NO (no cipher match)

EXP-DHE-RSA-DES-CBC-SHA…NO (no cipher match)

DHE-RSA-DES-CBC-SHA…NO (no cipher match)

DHE-RSA-DES-CBC3-SHA…NO (no cipher match)

EXP-ADH-RC4-MD5…NO (ssl handshake failure)

ADH-RC4-MD5…NO (ssl handshake failure)

EXP-ADH-DES-CBC-SHA…NO (ssl handshake failure)

ADH-DES-CBC-SHA…NO (ssl handshake failure)

ADH-DES-CBC3-SHA…NO (ssl handshake failure)

SSL3 ciphers were detected on server 192.168.1.51:443

The second script, ssl3_scan.sh, allows you to test an entire network range. Using a network range specified in CIDR notation or a format compatible with nmap, the script detects and checks the standard and alternate ports commonly used for HTTPS on all hosts in the network range. Results will be similar to the following:

# ./ssl3_scan.sh 192.168.1.0/24

Beginning test… please be patient…

192.168.1.17:443 – SSL3.0 ciphers NOT supported

192.168.1.35:443 – SSL3.0 ciphers NOT supported

192.168.1.34:443 – SSL3.0 ciphers NOT supported

192.168.1.51:443 – SSL3.0 ciphers supported

192.168.1.58:443 – SSL3.0 ciphers supported

How you decide to mitigate the risk is a decision you will have to make.

http://www.symantec.com/connect/sites/default/files/ssl3_check_scripts.tar.gz

This entry was posted in Linux. Bookmark the permalink.

Leave a Reply

Your email address will not be published.